Protection of Personal Data
PRIVACY NOTICE IN RELATION TO THE PROVISION OF INSURANCE SERVICES
With the present "Euroins Insurance Company" AD ("Euroins Insurance Company" AD / Company) provides information about your personal data that may be processed in connection with the conclusion, fulfillment of obligations and settlement of claims under an insurance contract and use of the Company's website.
What personal data we process about you
The personal data that is usually processed in connection with the conclusion and fulfillment of obligations under an insurance contract are the following:
- Name: name, surname and surname;
- PIN, PNF, date of birth;
- Contacts: e-mail, address and telephone;
- Company/Organization (if applicable);
- Address: permanent or current.
- Financial information: bank account number, payment instrument number (such as credit card number) and security code (linked to the payment instrument), tax and other financial information.
- IP address, country, location, geolocation, browser and device characteristics and other technical information (collected automatically when visiting the Company's website);
- Information related to the insured risks – work experience, professional experience, salary, property (such as vehicle data, property), etc.;
- Policy number/damage, customer number or other identifier created by the Company;
- Health data: information on the health status of users of insurance services (diagnosis, medical records, other medical documents for examinations, tests or other interventions);
- Data provided by users of insurance services in inquiries, complaints and other requests;
- Recording of telephone calls made when calling from and to the telephone exchange of the Company.
- Video images from security cameras placed in the offices of the Company.
On what basis we process your personal data
The processing of personal data is necessary for the conclusion and/or performance of an insurance contract (including the administration of claims), including for contacting the user of insurance services – Art. 6, para. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR).
- The Company processes personal data in fulfillment of legal obligations, such as providing information to regulatory authorities, courts or investigative bodies, state institutions, organizations and others (legal obligations are provided for in various regulations) – Art. 6, para. 1(c) GDPR.
- On the grounds of legitimate interest, the Company processes personal data in carrying out video surveillance, recording and storage of telephone calls from a national telephone number, debt collection, reinsurance, checks to prevent insurance fraud, conclusion of group insurance, portfolio analysis, etc. 6, para. 1(f) GDPR.
- The Company may process health data for the purpose of preparing a proposal for an insurance contract on the basis of a legal basis – Art. 9, para. 4 of the GDPR.
- The Company may process health data (diagnosis, health status, medical documents) provided for the purpose of settling an insurance claim, for establishing, exercising or defending legal claims – Art. 9, para. 2(f) GDPR.
- The Company may process your health data for the purposes of preventive or occupational medicine to provide health care (preventive examinations of the insured) – art. 9, para. 2 (h) GDPR.
Automated decision-making in the processing of personal data and profiling
It is possible for the Company to make decisions based on automated processing, including profiling when bidding to conclude an insurance contract. Profiling is the automated processing of personal data for the purpose of evaluating certain personal aspects related to a person, including to analyze or predict his behavior, performance of his professional duties, economic situation, personal preferences, interests, reliability, behavior, location or movement. Euroins AD may use information systems to calculate the probability of occurrence of an insured event. Information systems work on the basis of set criteria developed by actuaries, not using special categories of personal data and data of children.
The Company shall implement suitable measures to safeguard the rights and freedoms and legitimate interests of data subjects, at least the right to obtain human intervention, the right to express his or her point of view and contest the decision.
For what purposes we use your data
The personal data you provide will be used for the purposes of administering the insurance relationship, including, but not limited to, for the purposes of:
- identification of individual needs for insurance products;
- preparation of an individual insurance proposal;
- conclusion of an insurance contract and its administration;
- registration on the Company's website or mobile application;
- to provide better service (geolocation via Google Maps);
- payment of the insurance premium;
- processing of claims in connection with the occurrence of an insured event and payment of insurance indemnity in case of liquidation of damage;
- handling complaints and other enquiries;
- prevention of insurance fraud;
- risk analysis and assessment;
- compliance with legal requirements, including the prevention of conflicts of interest and corrupt practices;
- for statistical and analytical purposes;
- security and control of violations;
- submission of recourse claims in the cases provided for by law;
- protection of the site;
"Euroins" AD processes your personal data in order to send you messages about the operations performed under your insurance/damages, through phone calls, emails, sms, letters, etc. The messages concern only products for which you have a contract. These messages are not related to direct marketing of products.
The Company may, on the basis of its legitimate interest, use the personal data of a client without the need for his consent when offering him a compatible product with the one originally used, in order to improve the quality of service by offering him another product according to his needs. Such a proposal does not require the explicit consent of the insured.
To whom we may share your personal data
In compliance with the legal requirements, it is possible for Euroins AD to disclose personal data of the users of insurance services to:
- Service providers (consultants, experts, appraisers, lawyers, etc.). When using services related to the conclusion of the insurance contract and payment of insurance indemnity, technical support of information systems and operational support of the Company's activities, it is possible to disclose personal data. Such disclosure of data is carried out only if there is a good reason for doing so.
- In the performance of its obligations under certain insurances, Euroins AD may disclose personal data to subcontractors who provide services on behalf of the Company on and outside the territory of the Republic of Bulgaria. In the case of data transfers to persons based in third countries, the transfer is necessary for the establishment, exercise or protection of legal claims.
- In fulfillment of its legal rights and obligations, the Company transfers data on policies and claims under motor third party liability insurance and claims under Casco insurance to the system of the Guarantee Fund. It may also transfer personal data to the general government bodies: FSC, NRA, SANS, CPDP and other administrators such as external auditors, postal service operator, banks, bailiffs and others.
- Reinsurers: In order to provide coverage of its insurance portfolio, Euroins AD may disclose personal data to reinsurers, reinsurance brokers and their representatives.
- In compliance with the applicable legislation, Euroins AD may disclose personal data to the Euroins Insurance Group AD. Insurance intermediaries: The company works with a network of insurance and reinsurance intermediaries – brokers, agents and intermediaries offering insurance products as an ancillary activity (Art. 294 of the Insurance Code). For this purpose, personal data may be shared (usually directly by the users of insurance services) to intermediaries.
How long is your personal data stored?
The company keeps the individual documents as follows:
- Insurance contracts and documents that are part of it (proposal for concluding an insurance contract, policy, annexes, etc.) – a maximum period of 10 (ten) years after the expiration of the year in which they are submitted for archiving.
- Documents regarding an application for an insurance claim – a maximum period of 10 (ten) years after the expiration of the year in which they are submitted for archiving, the term depending on the type of insurance.
- Requests and complaints – kept for the period of storage of the insurance claim to which they relate.
- Unaccepted offers for concluding an insurance contract (offers) – up to 2 (two) years after the expiration of the year of receipt of the data.
- Recordings of video surveillance systems installed in the offices of the Company – a maximum period of 2 (two) months.
- Recordings of telephone conversations made when calling from and to a telephone exchange of the Company – 1 (one) year.
- Registration on the site or mobile application of the Company – up to 5 (five) years after termination of the registration.
- Records proving acquaintance, acceptance, consent and declared circumstances at the conclusion of an insurance contract through an online platform – a maximum period of 10 (ten) years, the term depending on the type of insurance.
The deadlines are determined in compliance with the regulatory requirements for the storage of documents and data and taking into account the legitimate interest of the Company to exercise and protect its interests in disputes and legal claims.
Your rights with respect to your personal data
In compliance with the applicable legislation, the users of insurance services have the following rights with respect to their personal data processed by Euroins AD:
- To gain access to their personal data that the Company processes and to obtain a copy of them.
- In case of incompleteness or inaccuracy of the data processed by the Company, their personal data shall be corrected.
- To ask for their data to be deleted when the prerequisites for this are present. Such cases are if the purpose for which the data was collected is achieved; have withdrawn consent where the processing is based on consent and there is no other legal basis for processing; The data is processed unlawfully and others.
- In the cases specified by applicable law, require the processing of personal data to be restricted.
- Exercise the right to data portability and request that the data be provided in a structured, commonly used and machine-readable format.
- Withdraw consent when the processing of personal data is based on consent.
Detailed information on the terms and conditions for exercising the rights is in accordance with the Rules for providing information on the exercise of the rights of personal data subjects, which can be found on the website (www.euroins.bg), as well as in any office of the Company.
In cases where the data is processed on the basis of a legitimate interest, the processing of personal data on this basis may be objected.
Data subjects also have the right to lodge complaints with the data protection supervisory authority of the country of habitual residence, or place of employment or place of alleged infringement. For Bulgaria, the data protection supervisory authority is the Commission for Personal Data Protection.
How to contact us
You can contact "Euroins Insurance Company" AD at the following address: Bulgaria, Sofia, bul. Christopher Columbus 43, el. Mail: firstname.lastname@example.org. Contact details of the Data Protection Officer of Euroins AD: email@example.com.